Update Subversion

Our old subversion does not seem to support the expiration of letsencrypt root certificate, as we can see in [tests]( https://erp5js.nexedi.net/#/test_result_module/20210930-70CDB278/143): ``` ClientError: ("Unable to connect to a repository at URL 'https://svn.erp5.org/repos/public/erp5/trunk/bt5/test_web'\nServer SSL certificate verification failed: certificate has expired", [("Unable to connect to a repository at URL 'https://svn.erp5.org/repos/public/erp5/trunk/bt5/test_web'", 230001), ('Server SSL certificate verification failed: certificate has expired', 230001)]) ``` This is also what we observe when using svn command from ERP5 software release: ``` ~/srv/slapos/shared/subversion/26833ca5dbfd6944dc2e584d0761dc89/bin/svn info https://svn.erp5.org/repos/public/erp5/trunk/bt5/test_web Error validating server certificate for 'https://svn.erp5.org:443': - The certificate has expired. Certificate information: - Hostname: svn.erp5.org - Valid: from Sep 26 05:47:35 2021 GMT until Dec 25 05:47:34 2021 GMT - Issuer: Let's Encrypt, US - Fingerprint: 01:98:FF:1B:68:A1:55:59:35:EE:1C:57:8A:6E:5A:22:1F:3E:B2:86 (R)eject, accept (t)emporarily or accept (p)ermanently? ^Csvn: E200015: Unable to connect to a repository at URL 'https://svn.erp5.org/repos/public/erp5/trunk/bt5/test_web' ``` Updating subversion and linking it with openssl 1.1 seem to solve the issue. See merge request nexedi/slapos!1053

Update Subversion
Our old subversion does not seem to support the expiration of letsencrypt root certificate, as we can see in [tests]( https://erp5js.nexedi.net/#/test_result_module/20210930-70CDB278/143): ``` ClientError: ("Unable to connect to a repository at URL 'https://svn.erp5.org/repos/public/erp5/trunk/bt5/test_web'\nServer SSL certificate verification failed: certificate has expired", [("Unable to connect to a repository at URL 'https://svn.erp5.org/repos/public/erp5/trunk/bt5/test_web'", 230001), ('Server SSL certificate verification failed: certificate has expired', 230001)]) ``` This is also what we observe when using svn command from ERP5 software release: ``` ~/srv/slapos/shared/subversion/26833ca5dbfd6944dc2e584d0761dc89/bin/svn info https://svn.erp5.org/repos/public/erp5/trunk/bt5/test_web Error validating server certificate for 'https://svn.erp5.org:443': - The certificate has expired. Certificate information: - Hostname: svn.erp5.org - Valid: from Sep 26 05:47:35 2021 GMT until Dec 25 05:47:34 2021 GMT - Issuer: Let's Encrypt, US - Fingerprint: 01:98:FF:1B:68:A1:55:59:35:EE:1C:57:8A:6E:5A:22:1F:3E:B2:86 (R)eject, accept (t)emporarily or accept (p)ermanently? ^Csvn: E200015: Unable to connect to a repository at URL 'https://svn.erp5.org/repos/public/erp5/trunk/bt5/test_web' ``` Updating subversion and linking it with openssl 1.1 seem to solve the issue. See merge request nexedi/slapos!1053
2a84c6eb · Jérome Perrin · 743a753b · e413268e · 2a84c6eb · 2a84c6eb
Commit 2a84c6eb authored Oct 07, 2021 by Jérome Perrin
7 changed files
--- a/component/pysvn-python/buildout.cfg
+++ b/component/pysvn-python/buildout.cfg
@@ -11,10 +11,9 @@ parts =
 recipe = zc.recipe.egg:custom
 egg =
  pysvn
-find-links = http://pysvn.barrys-emacs.org/source_kits/pysvn-1.7.10.tar.gz
+find-links = https://sourceforge.net/projects/pysvn/files/pysvn/V1.9.15/pysvn-1.9.15.tar.gz/download
 patches =
-  ${:_profile_base_location_}/pysvn-1.7.10-inc_lib_dir.patch#08371129e0d0a215fb7f7811a860a89c
+  ${:_profile_base_location_}/pysvn-1.9.15-inc_lib_dir.patch#c16eb88a862d4676c0ea2827f51b991a
-  ${:_profile_base_location_}/pysvn-issue-179.patch#bd3f9629f95f0f749c5a5e93c797ee2b
 patch-options = -p1
 patch-binary = ${patch:location}/bin/patch
 include-dirs =

--- a/component/pysvn-python/pysvn-1.7.10-inc_lib_dir.patch
+++ b/component/pysvn-python/pysvn-1.7.10-inc_lib_dir.patch
-diff -ur pysvn-1.7.10.orig/setup.py pysvn-1.7.10/setup.py
+diff --git a/setup.py b/setup.py
--- pysvn-1.7.10.orig/setup.py	2010-12-30 13:26:51.000000000 +0100
+index e5ce838..e2b95f8 100644
-+++ pysvn-1.7.10/setup.py	2015-08-14 10:29:25.562686564 +0200
+--- a/setup.py
-@@ -19,6 +19,10 @@
+++ b/setup.py
+@@ -40,9 +40,16 @@ import distutils.sysconfig
+ import platform
+ import shutil
+ import sys
+import subprocess
 import os
 import os.path
- import setuptools.command.bdist_egg
+import setuptools.command.bdist_egg
+ from setuptools.command.build_ext import build_ext
 +try:
 +  from ConfigParser import ConfigParser
 +except ImportError:
 +  from configparser import ConfigParser
+
 pysvn_version_info = {}
 f = open( 'Builder/version.info', 'r' )
-@@ -27,13 +28,26 @@
+@@ -77,6 +84,13 @@ class BuildExtensions(build_ext):
-     pysvn_version_info[ key ] = value
+             super( BuildExtensions, self ).build_extension( ext )
- def run(self):
+     def _build_pysvn( self, ext ):
-+    cfg = ConfigParser()
+        cfg = ConfigParser()
-+    cfg.read('setup.cfg')
+        cfg.read('setup.cfg')
-+    kw = {}
+        kw = {}
-+    for key in ('include-dirs', 'library-dirs'):
+        for key in ('include-dirs', 'library-dirs'):
-+        if cfg.has_option('build_ext', key):
+            if cfg.has_option('build_ext', key):
-+            kw[key] = cfg.get('build_ext', key)
+                kw[key] = cfg.get('build_ext', key)
 +
-     # Generate metadata first
+         dest_dir = os.path.join( os.path.abspath( self.build_lib ), 'pysvn' )
-     self.run_command("egg_info")
-     os.chdir('Source')
+         # Generate metadata first
-    os.system(sys.executable + ' setup.py configure')
+@@ -91,9 +105,13 @@ class BuildExtensions(build_ext):
-+    os.system(sys.executable + ' setup.py configure --include-dirs=%(include-dirs)s --library-dirs=%(library-dirs)s' % kw)
+         # Invoke the build system. This will generate the __init__.py and
-     os.system('make clean')
+         # .so that we'll package.
-     os.system('make')
+         os.chdir( 'Source' )
-    os.system('make egg DISTDIR="%s"' % os.path.abspath(os.path.join('..', self.dist_dir)))
+-        os.system( sys.executable + ' setup.py configure' )
-+    os.system('rm -rf dist; mkdir -p dist/EGG-INFO')
+-        os.system( 'make clean' )
-+    os.system('cp -rvf pysvn dist')
+-        os.system( 'make' )
-+    os.system('cp -rvf ../pysvn.egg-info/* dist/EGG-INFO')
+        subprocess.check_call(sys.executable + ' setup.py configure --include-dirs=%(include-dirs)s --library-dirs=%(library-dirs)s' % kw, shell=True)
-+    os.system('find dist/pysvn -type f | sed s:dist/:: > dist/EGG-INFO/SOURCES.txt')
+        subprocess.check_call('make clean', shell=True)
-+    setuptools.command.bdist_egg.make_zipfile(
+        subprocess.check_call('make', shell=True)
-+        self.egg_output, 'dist', verbose=self.verbose,
+        subprocess.check_call('rm -rf dist; mkdir -p dist/EGG-INFO', shell=True)
-+        dry_run=self.dry_run, mode=self.gen_header())
+        subprocess.check_call('cp -rvf pysvn dist', shell=True)
-     os.chdir('..')              # Go back in parent directory
+        subprocess.check_call('cp -rvf ../pysvn.egg-info/* dist/EGG-INFO', shell=True)
-     # Add to 'Distribution.dist_files' so that the "upload" command works
+        subprocess.check_call('find dist/pysvn -type f | sed s:dist/:: > dist/EGG-INFO/SOURCES.txt', shell=True)
-     getattr( self.distribution, 'dist_files', [] ).append(
-diff -ur pysvn-1.7.10.orig/Source/setup_configure.py pysvn-1.7.10/Source/setup_configure.py
+         # Copy the built files to the destination pysvn/ directory.
--- pysvn-1.7.10.orig/Source/setup_configure.py	2014-11-09 11:55:47.000000000 +0100
+         self.mkpath( dest_dir )
-+++ pysvn-1.7.10/Source/setup_configure.py	2015-08-17 10:41:05.781767086 +0200
+diff --git a/Source/setup_configure.py b/Source/setup_configure.py
-@@ -54,6 +54,8 @@
+index 2bf8ca1..7037f8f 100644
- class Options:
+--- a/Source/setup_configure.py
+++ b/Source/setup_configure.py
+@@ -55,6 +55,8 @@ class Options:
     all_options_info = {
         '--arch':               (2, '<arch>'),
+         '--distro-dir':         (2, '<dir>'),
 +        '--library-dirs':       (1, '<dir>:<dir>:...'),
 +        '--include-dirs':       (1, '<dir>:<dir>:...'),
         '--apr-inc-dir':        (1, '<dir>'),
         '--apu-inc-dir':        (1, '<dir>'),
         '--apr-lib-dir':        (1, '<dir>'),
-@@ -511,12 +513,16 @@
+@@ -542,12 +544,16 @@ class Compiler:
         raise last_exception
     def find_svn_bin( self ):
@@ -70,28 +80,28 @@ diff -ur pysvn-1.7.10.orig/Source/setup_configure.py pysvn-1.7.10/Source/setup_c
 +            return ''
     def find_svn_lib( self ):
-         folder = self.find_dir(
+         last_exception = None
-@@ -589,8 +595,8 @@
+@@ -633,8 +639,8 @@ class Compiler:
         # override the base_dir_list from the command line kw
         svn_root_dir = None
 -        if self.options.hasOption( kw ):
 -            base_dir_list = [self.options.getOption( kw )]
 +        if kw and self.options.hasOption( kw ):
-+            base_dir_list = self.options.getOption( kw ) + base_dir_list
+            base_dir_list = [self.options.getOption( kw )] + base_dir_list
+         debug( '__find_dir base_dir_list=%r' % (base_dir_list,) )
-         elif( self.options.hasOption( '--svn-root-dir' )
+@@ -644,7 +650,7 @@ class Compiler:
-         and svn_root_suffix is not None ):
-@@ -604,7 +610,7 @@
             if self.verbose:
                 print( 'Info: Checking for %s in %s' % (name, full_check_file) )
             if os.path.exists( full_check_file ):
 -                return os.path.abspath( dirname )
 +                return dirname
-         raise SetupError( 'cannot find %s %s - use %s' % (name, check_file, kw) )
+         raise SetupError( 'Cannot find %s %s - use %s' % (name, check_file, kw) )
-@@ -629,6 +635,17 @@
+@@ -669,6 +675,17 @@ class Compiler:
     def getSvnVersion( self ):
         return self.__svn_version_tuple
@@ -109,33 +119,42 @@ diff -ur pysvn-1.7.10.orig/Source/setup_configure.py pysvn-1.7.10/Source/setup_c
 class Win32CompilerMSVC90(Compiler):
     def __init__( self, setup ):
-@@ -1093,7 +1110,7 @@
+@@ -1185,6 +1202,7 @@ class UnixCompilerGCC(CompilerGCC):
-                         '%(PYCXX)s/Src',
+         CompilerGCC.__init__( self, setup )
-                         '/usr/share/python%s/CXX' % distutils.sysconfig.get_python_version() # typical Linux
+         self._find_paths_pycxx_dir = [
+                        '../Import/pycxx-7.1.5',
+                         distutils.sysconfig.get_python_inc(), # typical Linux
+                         '/usr/include'
+                         ]
+@@ -1194,7 +1212,7 @@ class UnixCompilerGCC(CompilerGCC):
+                         '/usr/src/CXX'
                         ]
 -        self._find_paths_svn_inc = [
 +        self._find_paths_svn_inc = self._include_dirs() + [
                         '/usr/include/subversion-1',            # typical Linux
                         '/usr/local/include/subversion-1',      # typical *BSD
                         '/usr/pkg/include/subversion-1',        # netbsd
-@@ -1103,14 +1120,14 @@
+@@ -1204,7 +1222,7 @@ class UnixCompilerGCC(CompilerGCC):
-                         '/usr/local/bin',                        # typical *BSD
+                         '/usr/local/bin',                       # typical *BSD
-                         '/usr/pkg/bin',                                # netbsd
+                         '/usr/pkg/bin',                         # netbsd
                         ]
 -        self._find_paths_svn_lib = [
 +        self._find_paths_svn_lib = self._library_dirs() + [
                         '/usr/lib64',                           # typical 64bit Linux
                         '/usr/lib',                             # typical Linux
                         '/usr/local/lib64',                     # typical 64bit Linux
-                         '/usr/local/lib',                       # typical *BSD
+@@ -1212,7 +1230,7 @@ class UnixCompilerGCC(CompilerGCC):
                         '/usr/pkg/lib',                         # netbsd
+                         '/usr/lib/x86_64-linux-gnu',            # debian/unbuntu
                         ]
 -        self._find_paths_apr_inc = [
 +        self._find_paths_apr_inc = self._include_dirs() + [
                         '/usr/include/apr-1',                   # typical Linux
+                         '/usr/include/apr-1.0',                 # typical Linux
                         '/usr/local/apr/include/apr-1',         # Mac OS X www.metissian.com
-                         '/usr/pkg/include/apr-1',               # netbsd
+@@ -1223,7 +1241,7 @@ class UnixCompilerGCC(CompilerGCC):
-@@ -1120,7 +1137,7 @@
                         '/usr/local/include/apache2',           # alternate *BSD
                         ]
         self._find_paths_apr_util_inc = self._find_paths_apr_inc
@@ -144,7 +163,7 @@ diff -ur pysvn-1.7.10.orig/Source/setup_configure.py pysvn-1.7.10/Source/setup_c
                         '/usr/lib64',                           # typical 64bit Linux
                         '/usr/lib',                             # typical Linux
                         '/usr/local/lib64',                     # typical 64bit Linux
-@@ -1186,6 +1203,8 @@
+@@ -1310,6 +1328,8 @@ class LinuxCompilerGCC(UnixCompilerGCC):
         if not self.setup.options.hasOption( '--norpath' ):
             py_ld_libs.extend( [
                     '-Wl,--rpath',

--- a/component/pysvn-python/pysvn-issue-179.patch
+++ b/component/pysvn-python/pysvn-issue-179.patch
-http://pysvn.tigris.org/ds/viewMessage.do?dsForumId=1334&dsMessageId=3094617
-diff -ur pysvn-1.7.10.orig/Source/pysvn_svnenv.cpp pysvn-1.7.10/Source/pysvn_svnenv.cpp
--- pysvn-1.7.10.orig/Source/pysvn_svnenv.cpp	2010-11-20 13:02:37.000000000 +0100
-+++ pysvn-1.7.10/Source/pysvn_svnenv.cpp	2015-08-17 17:39:50.491209720 +0200
-@@ -292,8 +292,8 @@
-     if( accept_permanently )
-     {
-         new_cred->may_save = 1;
-        new_cred->accepted_failures = accepted_failures;
-     }
-+    new_cred->accepted_failures = accepted_failures;
-     *cred = new_cred;
--- a/component/serf/buildout.cfg
+++ b/component/serf/buildout.cfg
@@ -10,12 +10,22 @@ extends =
 [serf]
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://archive.apache.org/dist/serf/serf-1.2.1.tar.bz2
+url = https://archive.apache.org/dist/serf/serf-1.3.9.tar.bz2
-md5sum = 4f8e76c9c6567aee1d66aba49f76a58b
+md5sum = 370a6340ff20366ab088012cd13f2b57
-configure-options =
+scons-command =
-  --with-apr=${apr:location}
+  python ${scons:location}/scons.py \
-  --with-apr-util=${apr-util:location}
+  APR="${apr:location}" \
-  --with-openssl=${openssl-1.0:location}
+  APU="${apr-util:location}" \
-environment =
+  OPENSSL="${openssl:location}" \
-  CFLAGS=-I${zlib:location}/include -I${libuuid:location}/include
+  PREFIX=@@LOCATION@@ \
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib
+  CFLAGS="-I${zlib:location}/include -I${libuuid:location}/include" \
+  LINKFLAGS="-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib"
+configure-command = :
+make-binary = ${:scons-command}
+[scons]
+recipe = slapos.recipe.build:download-unpacked
+shared = true
+url = https://prdownloads.sourceforge.net/scons/scons-local-2.3.0.tar.gz
+md5sum = d262e6c6da620488d2226fabc8aabf09
+strip-top-level-dir = false
--- a/component/subversion/buildout.cfg
+++ b/component/subversion/buildout.cfg
@@ -15,26 +15,25 @@ extends =
  ../sqlite3/buildout.cfg
  ../zlib/buildout.cfg
  ../swig/buildout.cfg
+  ../lz4/buildout.cfg
 parts =
  subversion
 [subversion]
 recipe = slapos.recipe.cmmi
 shared = true
-url = http://apache.mirrors.tds.net/subversion/subversion-1.8.14.tar.bz2
+url = https://downloads.apache.org/subversion/subversion-1.14.1.tar.bz2
-md5sum = fe476ba26d6835eba4393780ea907361
+md5sum = 2eccc2c7451397e01a13682600af9563
-# Patch available thanks to gentoo developpers
-# https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-vcs/subversion/files/subversion-fix-parallel-build-support-for-perl-bindings.patch
-patches =
-  ${:_profile_base_location_}/subversion-fix-parallel-build-support-for-perl-bindings.patch#fd69f4c932b4882ed98c59eb102be64a
 configure-options =
  --disable-static
  --with-apr=${apr:location}
  --with-apr-util=${apr-util:location}
  --with-serf=yes
  --without-apxs
+  --with-utf8proc=internal
  --with-zlib=${zlib:location}
  --with-sqlite=${sqlite3:location}
+  --with-lz4=${lz4:location}
  --without-berkeley-db
  --without-sasl
  --without-apr_memcache
@@ -53,9 +52,9 @@ configure-options =
 make-targets = install -j1
 environment =
  PATH=${patch:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:%(PATH)s
-  PKG_CONFIG_PATH=${apache:location}/lib/pkgconfig:${sqlite3:location}/lib/pkgconfig:${openssl-1.0:location}/lib/pkgconfig:${serf:location}/lib/pkgconfig
+  PKG_CONFIG_PATH=${apache:location}/lib/pkgconfig:${sqlite3:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${serf:location}/lib/pkgconfig
  CPPFLAGS=-I${libexpat:location}/include -I${libuuid:location}/include
-  LDFLAGS=-L${libexpat:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${apache:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib
+  LDFLAGS=-L${libexpat:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${apache:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${serf:location}/lib -Wl,-rpath=${lz4:location}/lib
 [subversion-1.9]
 recipe = hexagonit.recipe.cmmi

--- a/component/subversion/subversion-fix-parallel-build-support-for-perl-bindings.patch
+++ b/component/subversion/subversion-fix-parallel-build-support-for-perl-bindings.patch
--- Makefile.in	2011-07-16 13:50:53.000000000 +0200
-+++ Makefile.in.new	2012-03-11 12:13:57.000000000 +0100
-@@ -732,7 +732,7 @@
- extraclean-swig-headers: clean-swig-headers
- 	$(EXTRACLEAN_SWIG_HEADERS)
-$(SWIG_PL_DIR)/native/Makefile.PL: $(SWIG_SRC_DIR)/perl/native/Makefile.PL.in
-+$(SWIG_PL_DIR)/native/Makefile.PL: $(SWIG_SRC_DIR)/perl/native/Makefile.PL.in libsvn_swig_perl
- 	./config.status subversion/bindings/swig/perl/native/Makefile.PL
- $(SWIG_PL_DIR)/native/Makefile: $(SWIG_PL_DIR)/native/Makefile.PL
--- a/stack/erp5/buildout.cfg
+++ b/stack/erp5/buildout.cfg
@@ -621,7 +621,7 @@ depends =
 Acquisition = 2.13.12+SlapOSPatched001
 Products.DCWorkflow = 2.2.4+SlapOSPatched001
 ocropy = 1.0+SlapOSPatched001
-pysvn = 1.7.10+SlapOSPatched002
+pysvn = 1.9.15+SlapOSPatched001
 python-ldap = 2.4.32+SlapOSPatched001
 python-magic = 0.4.12+SlapOSPatched001
 PyPDF2 = 1.26.0+SlapOSPatched001